Re: [Web-SIG] Python pickle and web security.

2006-09-18 Thread Jim Fulton
On Sep 18, 2006, at 2:34 PM, Python wrote: > On Mon, 2006-09-18 at 14:24 -0400, Jim Fulton wrote: >> On Sep 18, 2006, at 2:16 PM, Python wrote: >> >>> On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote: Why do you assume the session store is untrusted? If someone can hack into

Re: [Web-SIG] Python pickle and web security.

2006-09-18 Thread Python
On Mon, 2006-09-18 at 14:24 -0400, Jim Fulton wrote: > On Sep 18, 2006, at 2:16 PM, Python wrote: > > > On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote: > >> Why do you assume the session store is untrusted? If someone can hack > >> into my database, they can typically hack into my web applic

Re: [Web-SIG] Python pickle and web security.

2006-09-18 Thread Jim Fulton
On Sep 18, 2006, at 2:16 PM, Python wrote: > On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote: >> Why do you assume the session store is untrusted? If someone can hack >> into my database, they can typically hack into my web application so >> it's pretty weird to consider the backend session s

Re: [Web-SIG] Python pickle and web security.

2006-09-18 Thread Python
On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote: > Why do you assume the session store is untrusted? If someone can hack > into my database, they can typically hack into my web application so > it's pretty weird to consider the backend session store to be > "untrusted". You are assuming tha

Re: [Web-SIG] Python pickle and web security.

2006-09-18 Thread Ben Bangert
On Sep 15, 2006, at 7:23 PM, René Dudfield wrote: > That seems like a good way to stop the untrusted session store from > being able to inject sessions in there. That could at least solve the > problem of using pickles from untrusted session stores. > > Are you just using the basic Python types?